J.L. Massey, "SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm", Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 1--17.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....strength, and is designed for extremely efficient software implementation. It combines an LFSR generator based on that of SOBER[27] with a keyed mixing function reminiscent of a block cipher round. Aspects of the block mixer round have been derived from Rijndael[20] Twofish[21] tc24[23] and SAFER[22]. 1. Introduction Turing (named after Alan Turing) is a stream cipher designed to simultaneously be: Extremely fast in software on commodity PCs . Usable in very little RAM on embedded processors . Exploit parallelism to enable fast hardware implementation. The Turing stream cipher has a ....

....in [7] The efficient LFSR updating method is modeled after that of SNOW 2.0 [24] Turing combines the LFSR generator with a keyed mixing function reminiscent of a block cipher round. Aspects of the block mixing function have been derived from Rijndael[20] Twofish[21] tc24[23] and SAFER[22]. Turing is designed to meet the needs of embedded applications such as voice encryption in wireless telephones that place severe constraints on the amount of processing power, program space and memory available for software encryption algorithms. Since most of the mobile telephones in use ....

James L. Massey, "{SAFER} K-64: A Byte-Oriented Block-Ciphering Algorithm", in Proc. Fast Software Encryption, Lecture Notes in Computer Science, 1993.

....name integrals has since been proposed independently by both Knudsen [18, 19] and Yu, Zhang, and Xiao [12] to describe this general class of attacks. Also, in [6] the attack was described in terms of lambda sets and applied also to reduced round versions of the ciphers SHARK [30] and SAFER K [25]. Since their introduction, integrals have been used to cryptanalyse reducedround versions of Square [5] SAFER K [20] SAFER [12] Crypton [8] Rijndael [9] Twofish [24] Hierocrypt [1] IDEA [27] and Camellia [10] We have shown here additional examples of applications of integrals. Thus, ....

J.L. Massey. "SAFER K-64: A byte-oriented block-ciphering algorithm," In R. Anderson, editor, Fast Software Encryption - Proc. Cambridge Security Workshop, Cambridge, U.K., LNCS 809, pages 1--17. Springer Verlag, 1994.

....exhaustively search over the remaining 48 unknown bits. 12 4. 3 SAFER K 64 SAFER K 64 is a 6 round block cipher whose round function combines the input with a round subkey, applies eight parallel 8 bit permutation S boxes, combines the result with another subkey, and ends with a di#usion layer [Mas94]. The key schedule rotates the ith master key byte and adds a constant to obtain the ith byte of each round subkey; therefore master key byte i a#ects only the input and output of S box i in every round. Knudsen shows that this regularity in the SAFER K 64 key schedule causes serious weaknesses in ....

J.L. Massey, "SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm ", Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 1--17.

.... the block cipher [Win84, RIPE92] In [KSW96] we gave a summary of key schedule attacks against block ciphers, showed practical protocols that allow related key attacks to be mounted, and presented related key attacks against GOST [GOST89] IDEA [LMM91] with a reduced number of rounds, SAFER K 64 [Mas94], DES with independent subkeys, G DES [PA90a, PA90b] and three key triple DES. This paper continues the research undertaken in that work. 2 New Di#erential Related Key Attacks 2.1 3 WAY 3 WAY is an 11 round cipher on 96 bit blocks [Dae94] Ignoring trivialities such as the input and output ....

J.L. Massey, "SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm ", Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 1--17.

....Twofish uses a single 4 by 4 MDS matrix over GF(2 8 ) 3.4 Pseudo Hadamard Transforms A pseudo Hadamard transform (PHT) is a simple mixing operation that runs quickly in software. Given two inputs, a and b, the 32 bit PHT is defined as: a # = a b mod 2 32 b # = a 2b mod 2 32 SAFER [Mas94] uses 8 bit PHTs extensively for diffusion. Twofish uses a 32 bit PHT to mix the outputs from its two parallel 32 bit g functions. This PHT can be executed in two opcodes on most modern microprocessors, including the Pentium family. 3.5 Whitening Whitening, the technique of xoring key material ....

....it would be impossible to put a weakness of this magnitude into a block cipher and have it remain undetected through the AES process. And we would be foolish to even try. 10 When is a Cipher Insecure More and more recent ciphers are being defined with a variable number of rounds: e.g. SAFER K64 [Mas94], RC5, and Speed [Zhe97] This means that it is impossible to categorically state that a given cipher construction is insecure: there might always be a number of rounds n for which the cipher is still secure. However, while this might theoretically be true, this is not a useful engineering ....

J.L. Massey, "SAFER K-64: A ByteOriented Block-Ciphering Algorithm," Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 1--17.

....Twofish uses a single 4 by 4 MDS matrix over GF(2 8 ) 3.4 Pseudo Hadamard Transforms A pseudo Hadamard transform (PHT) is a simple mixing operation that runs quickly in software. Given two inputs, a and b, the 32 bit PHT is defined as: a 0 = a b mod 2 32 b 0 = a 2b mod 2 32 SAFER [Mas94] uses 8 bit PHTs extensively for diffusion. Twofish uses a 32 bit PHT to mix the outputs from its two parallel 32 bit g functions. This PHT can be executed in two opcodes on most modern microprocessors, including the Pentium family. 3.5 Whitening Whitening, the technique of xoring key material ....

....it would be impossible to put a weakness of this magnitude into a block cipher and have it remain undetected through the AES process. And we would be foolish to even try. 10 When is a Cipher Insecure More and more recent ciphers are being defined with a variable number of rounds: e.g. SAFER K64 [Mas94], RC5, and Speed [Zhe97] This means that it is impossible to categorically state that a given cipher construction is insecure: there might always be a number of rounds n for which the cipher is still secure. However, while this might theoretically be true, this is not a useful engineering ....

J.L. Massey, "SAFER K-64: A ByteOriented Block-Ciphering Algorithm," Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 1--17.

....exhaustively search over the remaining 48 unknown bits. 12 4. 3 SAFER K 64 SAFER K 64 is a 6 round block cipher whose round function combines the input with a round subkey, applies eight parallel 8 bit permutation S boxes, combines the result with another subkey, and ends with a diffusion layer [Mas94]. The key schedule rotates the ith master key byte and adds a constant to obtain the ith byte of each round subkey; therefore master key byte i affects only the input and output of S box i in every round. Knudsen shows that this regularity in the SAFER K 64 key schedule causes serious weaknesses ....

J.L. Massey, "SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm", Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 1--17.

....from GF(2 32 ) to GF(2 32 ) Thus an analysis of transform domain properties of the feedback function of RC5 can be partially done by computation. We will discuss this in a separate paper. Other block ciphers widely used in Internet communications [22] such as IDEA [13] and SAFER K 64 [17], are different modes. They directly use a permutation function from Z n 2 toZ n 2 instead of feedback shift resister structures. But the transform spectrum analysis techniques used for DES also can be applied to them. 2 Preliminaries In this section, we will adopt some tools from ....

J.L.Massey, "SAFER K-64: A byte-oriented block-ciphering algorithm", Proceedings of Fast Software Encryption (Ed. R. Anderson), Lecture Notes in Computer Science No. 809, pp.1-17. New York Springer, 1994

....always equals the output is made variable. The round transformation of SHARK, which we describe in this paper, is more uniform: Y = F (K; X) where F (K; X) is an invertible function. This structure is similar to a substitutionpermutation network [FNS75] and is also used in MMB [DGV93] SAFER [M94, M95], and 3 WAY [DGV94b] Each round transforms the whole round input. The combination of strong diffusion and uniform non linearity allows the reduction of the number of rounds, but, compared with a Feistel cipher, the amount of work per round increases. An important design criterion for an ....

....but, compared with a Feistel cipher, the amount of work per round increases. An important design criterion for an encryption algorithm is its performance. Designers search for round functions that allow to reduce the number of rounds in order to get maximal performance. CAST [AT95] and SAFER [M94] can be seen as attempts in this direction. The lurking danger is that a small number of rounds makes a whole range of new attacks possible, e.g. the differential linear attack on eight rounds of the DES [LH94] truncated differentials in SAFER [K95, K96] and imbalance of the round function in ....

J. Massey, "SAFER K-64: a byte-oriented block-ciphering algorithm," Fast Software Encryption, LNCS 809, R. Anderson, Ed., Springer-Verlag, 1994, pp. 1--17.

.... the block cipher [Win84, RIPE92] In [KSW96] we gave a summary of key schedule attacks against block ciphers, showed practical protocols that allow related key attacks to be mounted, and presented related key attacks against GOST [GOST89] IDEA [LMM91] with a reduced number of rounds, SAFER K 64 [Mas94] DES with independent subkeys, G DES [PA90a, PA90b] and three key triple DES. This paper continues the research undertaken in that work. 2 New Differential Related Key Attacks 2.1 3 WAY 3 WAY is an 11 round cipher on 96 bit blocks [Dae94] Ignoring trivialities such as the input and output ....

J.L. Massey, "SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm ", Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 1--17.

No context found.

J.L. Massey, "SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm", Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 1--17.

No context found.

J. L. Massey, "SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm," Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, Pages 1-17, 1994.

No context found.

J.L. Massey, "SAFER-K64: A byte oriented block-ciphering algorithm," Fast Software Encryption, LNCS 809, R. Anderson, Ed., Springer-Verlag, 1994, pp. 1--17.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC